FTC Files First Spyware SuitThe Federal Trade Commission filed its first spyware case, the agency announced yesterday, targeting a New Hampshire company accused of deceptively installing advertising and Web monitoring software on consumers' computers.
The FTC filed suit last week in U.S. District Court in New Hampshire against Sanford Wallace and his company, Seismic Entertainment Productions, alleging that consumers were tricked into downloading software that would alter their home page, launch a barrage of pop-up ads and take over their browser's search function.
"This may be our first case but it won't be our last," Lydia Parnes, acting director of the FTC's consumer protection division, said at a news conference.
Wallace is no stranger to controversy regarding his Internet marketing tactics. He earned the moniker "Spamford" in the late 1990s for sending millions of unsolicited e-mails through his company, Cyber Promotions. EarthLink won a $2 million judgment against Wallace in March 1998, and he subsequently left the e-mail marketing business, according to reports. He was unavailable for comment on the case.
The FTC charges that Wallace moved from spam to spyware, a new form of intrusive marketing online that relies on software downloaded without consumer consent to track Internet behavior and serve advertising.
Parnes said the FTC had not ruled out bringing action against the businesses that aided and profited from Seismic's activities. Seismic drew visitors to its sites through ad networks, including banners on sports sites kingofchaos.com and cdmsports.com, according to the complaint. The FTC said visitors to sites were automatically directed to a Seismic Web site through hijacking code inserted in the ads.
Web sites running the ads received them through 24/7 Real Media and other online ad networks, according to the Center for Democracy and Technology, a Washington, DC, group that lodged the FTC complaint in February. The New York online ad network acknowledged that it served ads for Seismic, which it took down when it became aware of the malicious code.
"We're just a lot more careful now with who we allow to serve their own creative directly," Mark Moran, 24/7 Real Media's senior vice president and general counsel, wrote in an e-mail message.
Seismic also participated in affiliate programs to market products for businesses and display search advertising links. According to the FTC suit, Seismic displayed pop-up ads for $30 anti-spyware software, called Spy Wiper and Spy Deleter, both made by an Atlanta company. Spy Deleter did not respond to a request for comment.
The complaint also names second-tier search engine 7Search.com as one company tied to Seismic spyware through its affiliate program. The FTC said 7Search paid search listings were displayed when searches were conducted through the Internet Explorer browser on computers carrying Seismic's software.
"It's possible that the advertisers didn't know that traffic was being driven to their sites this way, and it's possible they did know," Parnes said. "That's something we'll look at."
Michael Steffen, the Center for Democracy and Technology analyst who compiled the complaint, said affiliate networks and complicated partnerships make determining the source of spyware difficult.
"Companies are going to have to get better at proactively policing these affiliates," he said.
Pete Prestipino, director of press relations at 7Search.com, Chicago, said Wallace was a member of 7Search's affiliate program for six months, beginning last October, during which time he collected $2,500 in commissions. In April, 7Search kicked him out of the program in response to advertiser complaints, Prestipino said, and refunded advertisers for click charges generated from Seismic.
"Ninety-nine percent of our affiliates are legitimately interested in providing a service for their customers and profiting from it," he said. "This gives the Internet a bad name."
According to the FTC complaint, Seismic violated the FTC Act's provisions against unfair business practices by distributing spyware through various Web sites, including passthison.com and smartbotpro.net, which added code to Internet Explorer browsers. The code changed users' home page, triggered pop-up ads and installed other software.
The FTC charges that one change Seismic's software made altered browser search engines to display different search results, including those of 7Search.com.
Prestipino said 7Search has 5,000 affiliates that use its paid search listings to drive traffic to 7Search's advertisers. To avoid problems, the company relies on periodic checks of partner Web sites and feedback from advertisers about bad traffic.
"We don't check every single affiliate that comes in," he said.
The FTC's suit requests an injunction against Seismic and monetary damages. Parnes said the FTC is investigating other spyware cases. She said the commission has not taken a position on anti-spyware legislation passed last week by the House of Representatives and Senate. The bills call for consumer consent for software downloads and mandate that the software be easy to uninstall.
"This was clearly a good case for the FTC to get its feet wet in this area," Steffen said. "This one was extremely clear cut."